Release date:
Updated on: 2013-04-12
Affected Systems:
Schneider Electric Concept
Schneider Electric ModbusCommDTM sl 2.x
Schneider Electric PowerSuite 2.x
Schneider Electric UnityLoader 2.x
Schneider Electric TwidoSuite 2.x
Description:
--------------------------------------------------------------------------------
Schneider Electric Group provides products and services for energy and infrastructure, industry, data centers and networks, buildings and residential areas.
The Modbus drivers in multiple Schneider Electric products contain a buffer overflow vulnerability when parsing in "Programming" mode. Successful exploitation allows arbitrary code execution. To exploit this vulnerability, an attacker must trick a user into opening a malicious project file.
<* Source: Carsten Eiram
Link: http://secunia.com/advisories/52821/
http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_info/2013/03/20130311_advisory_of_vulnerability_affecting_modbus_serial_driver.xm
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Schneider Electric
------------------
The vendor does not currently provide a patch or upgrade. Users of the affected software should watch the vendor's homepage to obtain the latest version:
http://www.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabil